allow multi-pass authentication schemes as e.g. MSCHAPv2
authorAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 6 Apr 2011 17:39:00 +0000 (19:39 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 6 Apr 2011 17:39:00 +0000 (19:39 +0200)
src/libcharon/plugins/eap_peap/eap_peap_peer.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c

index 6b6c2a9..fe071b3 100644 (file)
@@ -125,6 +125,18 @@ METHOD(tls_application_t, process, status_t,
                return NEED_MORE;
        }
 
+       /* yet another phase2 authentication? */
+       if (this->ph2_method)
+       {
+               type = this->ph2_method->get_type(this->ph2_method, &vendor);
+
+               if (type != received_type || vendor != received_vendor)
+               {
+                       this->ph2_method->destroy(this->ph2_method);
+                       this->ph2_method = NULL;
+               }
+       }
+
        if (this->ph2_method == NULL)
        {
                if (received_vendor)
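Review bot: A type or vendor mismatch on an active phase2 method now silently destroys `this->ph2_method` and lets the incoming request select a new method, whereas the check removed in the next hunk logged "received invalid EAP request" and returned FAILED. Since NEED_MORE no longer drops the instance, a non-NULL method at this point has not reported SUCCESS, so the peer cannot tell a legitimate follow-up method from a server abandoning an exchange midway (possibly before the inner method's own server-verification step has run; that needs checking per method). At minimum record the switch inside the mismatch branch, e.g. `DBG1(DBG_IKE, "phase2 EAP method replaced before completion");`, and consider whether local policy should constrain which method may follow. The same applies to the identical block added to eap_ttls_peer.c on `this->method`; the body of process() extends beyond this hunk.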
@@ -148,18 +160,10 @@ METHOD(tls_application_t, process, status_t,
                        in->destroy(in);
                        return NEED_MORE;
                }
+               type = this->ph2_method->get_type(this->ph2_method, &vendor);
                this->start_phase2 = FALSE;
        }
 
-       type = this->ph2_method->get_type(this->ph2_method, &vendor);
-
-       if (type != received_type || vendor != received_vendor)
-       {
-               DBG1(DBG_IKE, "received invalid EAP request");
-               in->destroy(in);
-               return FAILED;
-       }
-
        status = this->ph2_method->process(this->ph2_method, in, &this->out);
        in->destroy(in);
 
@@ -168,13 +172,8 @@ METHOD(tls_application_t, process, status_t,
                case SUCCESS:
                        this->ph2_method->destroy(this->ph2_method);
                        this->ph2_method = NULL;
-                       return NEED_MORE;
+                       /* fall through to NEED_MORE */
                case NEED_MORE:
-                       if (type != EAP_TNC)
-                       {
-                               this->ph2_method->destroy(this->ph2_method);
-                               this->ph2_method = NULL;
-                       }
                        return NEED_MORE;
                case FAILED:
                default:
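Review bot: The SUCCESS case now relies on an implicit fall-through, and its comment says where control goes but not why a completed inner method is reported to the TLS layer as NEED_MORE. If the intent is that the tunnel stays open for a further phase2 method or the outer EAP result, say so, e.g. `/* inner method done; keep the tunnel open for a further phase2 method */`. Note also that an unfinished method now survives every NEED_MORE return, so its release depends on the FAILED/default branch and the destructor, neither of which is visible in this hunk; confirm both free `this->ph2_method`. The matching switch in eap_ttls_peer.c has the same two points for `this->method`.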
index f7f676d..931eb2e 100644 (file)
@@ -163,6 +163,18 @@ METHOD(tls_application_t, process, status_t,
                return FAILED;
        }
 
+       /* yet another phase2 authentication? */
+       if (this->method)
+       {
+               type = this->method->get_type(this->method, &vendor);
+
+               if (type != received_type || vendor != received_vendor)
+               {
+                       this->method->destroy(this->method);
+                       this->method = NULL;
+               }
+       }
+
        if (this->method == NULL)
        {
                if (received_vendor)
@@ -186,18 +198,10 @@ METHOD(tls_application_t, process, status_t,
                        in->destroy(in);
                        return NEED_MORE;
                }
+               type = this->method->get_type(this->method, &vendor);
                this->start_phase2 = FALSE;
        }
 
-       type = this->method->get_type(this->method, &vendor);
-
-       if (type != received_type || vendor != received_vendor)
-       {
-               DBG1(DBG_IKE, "received invalid EAP request");
-               in->destroy(in);
-               return FAILED;
-       }
-
        status = this->method->process(this->method, in, &this->out);
        in->destroy(in);
 
@@ -206,13 +210,8 @@ METHOD(tls_application_t, process, status_t,
                case SUCCESS:
                        this->method->destroy(this->method);
                        this->method = NULL;
-                       return NEED_MORE;
+                       /* fall through to NEED_MORE */
                case NEED_MORE:
-                       if (type != EAP_TNC)
-                       {
-                               this->method->destroy(this->method);
-                               this->method = NULL;
-                       }
                        return NEED_MORE;
                case FAILED:
                default: